Restricting DNS queries on bind
Hi all,
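To restrict recursive DNS queries to trusted clients, while still letting
anyone query the zones this server is primary or secondary for, use
something like the following in /etc/bind/named.conf. The global
allow-query in options limits who may query the server at all, and the
allow-query { any; } inside each zone overrides it for that zone.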
--- Begin named.conf ---
// Named address list used in the global allow-query in options.
// Presumably the site's own client networks; confirm the ranges before reuse.
acl pinet {
203.20.51.0/24;
203.185.224.80/29;
};
// Remote name servers, presumably the ones acting as secondaries for zones
// held here (203.22.70.7 also appears in the zones' allow-transfer lists).
// This ACL is referenced by the global allow-query in options.
acl secondary {
203.22.70.7; // commerce.ecn.net.au
203.22.247.65; // avalon.immortal.net.au
};
// Remote name servers, presumably the masters of zones this server is a
// secondary for (per the per-host comments). The ACL is referenced by the
// global allow-query in options.
acl primary {
203.7.155.69; // phyto.cyber.com.au, for coffee.net.au
203.15.51.6; // caliburn.humbug.org.au, for humbug.org.au
203.2.231.20; // proxy.hastdeer.com.au, for hastdeer's zones
};
// Server-wide defaults. A zone that sets its own allow-query replaces the
// list given here for that zone only.
options {
// Relative zone file names in the zone statements are resolved from here.
directory "/etc/bind";
// query-source address * port 53;
// listen-on { 203.20.51.20; };
// allow-query { any; }; // This is the default
// Only the built-in localhost ACL and the three ACLs defined above may
// query by default. Lookups for names outside the local zones (recursion)
// are ordinary queries, so they are limited by this list as well.
allow-query {
localhost;
pinet;
secondary;
primary;
};
// NOTE(review): recursion is left enabled, so every host admitted above,
// including the remote name servers in "secondary" and "primary", can use
// this server as a resolver. If only local clients should recurse, an
// allow-recursion list naming localhost and pinet would narrow that;
// confirm against the BIND version in use.
// recursion no; // Do not provide
// recursive service
};
// Reverse zone for 203.20.51.0/24, served as master from a local file.
zone "51.20.203.in-addr.arpa" {
type master;
file "rev/db.203.20.51";
// Overrides the restricted global allow-query: anyone may look up names
// in this zone, which is what keeps authoritative data publicly visible.
allow-query { any; };
// Full zone transfers are limited to these two addresses.
// NOTE(review): the check is by source address only; TSIG-signed transfers
// authenticate the peer more strongly where both ends support them.
allow-transfer {
203.20.51.50;
203.22.70.7;
};
};
// Forward zone for pisoftware.com, served as master from a local file.
zone "pisoftware.com" {
type master;
file "pri/db.pisoftware.com";
// Overrides the restricted global allow-query: anyone may look up names
// in this zone.
allow-query { any; };
// Full zone transfers are limited to these two addresses, the same pair
// as the reverse zone above.
// NOTE(review): the check is by source address only; TSIG-signed transfers
// authenticate the peer more strongly where both ends support them.
allow-transfer {
203.22.70.7;
203.20.51.50;
};
};
--- End named.conf ---
Thanks,
Brad
--
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|Brad Marshall | Plugged In Software|
|Senior Systems Administrator | http://www.pisoftware.com|
|mailto:bmarshal@pisoftware.com | GPG Key Id: 47951BD0 / 1024b|
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
Fingerprint: BAE3 4794 E627 2EAF 7EC0 4763 7884 4BE8 4795 1BD0